Your New iPhone's Defaults Put Your Privacy at Risk

The groundbreaking voice-recognition personal assistant on the brand-new Apple (AAPL) iPhone 4S turns out to be quite the chatterbox when you least expect her to be. As reported by CNET, Siri doesn't go to sleep when the phone is locked. This means that the best password or most intricate unlock pattern won't stop her from responding to requests at the least opportune of times.

Let's say you locked your phone, then left it on your desk. Prank-happy coworkers are then free to send embarrassing text messages or emails to anyone in your address book while you're gone. That's a pretty harmless example. You certainly wouldn't want to leave Siri this exposed if you lost the phone outright.

That's the default behavior. In a couple of clicks, Siri's outgoing nature can be put on permanent hold. Problem solved, right? Nope, sorry.

When "Off" Doesn't Mean "Off"

As it turns out, the average user of modern technology very rarely messes with system settings like Siri's lock-screen functionality.

Consulting firm User Interface Engineering asked lots of regular users to send in their settings file for their Microsoft (MSFT) Office word processor. Guess how many respondents never changed a single setting? A whopping 95%. Whatever Microsoft saw fit to use as a default was good enough for nearly everyone, leaving only 5% with a fully functional setup.

That's a problem. Many of those default settings are downright bad, such as the inexplicable decision to turn off document auto-save features. In a similar vein, Microsoft threw in some new security features for its Hotmail service last year. Eight months later, only 0.4% of Hotmail users had enabled them.

Opt-in Security Is a Terrible Idea

Microsoft certainly isn't alone in putting the onus on users to fix their own security leaks. Users of other companies' products are just as complacent. It only takes a very simple program and no hacking skills at all to place calls with a fake caller ID number -- which then lets you log in automatically to many voice mail systems.

This is why Verizon (VZ) always requires a passcode before playing voice mails -- anything less is just too insecure. AT&T (T) is coming around to the same conclusion, and all of Ma Bell's voice mail accounts will require actual logins starting in 2012. Meanwhile, Sprint Nextel (S) leaves it up to you to enable passwords. So you probably haven't.

Motley Fool contributor Anders Bylund holds no position in any of the companies discussed here. He routinely changes more settings than he should. The Motley Fool owns shares of Microsoft and Apple. Motley Fool newsletter services have recommended buying shares of Apple, Microsoft, and AT&T, as well as creating bull call spread positions in Apple and Microsoft.